I have an issue that I and my colleagues have been trying to figure out.
We have three Catalyst 4500 series switches in service, and they are all configured with DAI (which includes/requires DHCP snooping). While doing some sample sniffs on our VLANs, we found that there were more than a few instances of unicast traffic being sent out as broadcast.
After analyzing things further, we determined a few things:
1. The traffic involved devices that have statically assigned IP addresses
2. Obviously, there was no DHCP snooping binding entry for the corresponding host on the switch it is connected to
3. There are ARP table entries for the hosts on all three switches, but the hosts’ MAC table entries are only on the switch they are connected to
For some reason I’m getting this impression that there is some correlation between the propagation of the MAC table entries and the DHCP snooping. However, I have no solid basis to confidently say that DHCP and DHCP snooping are the reasons why the layer 2 information is propagating. It does seem to be somewhat obvious to resolve, but there HAVE to be some others out there who have this same kind of scenario.
Any and all counsel on this will be greatly appreciated.
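
One way to check finding 3 across several switches, as an added example that is not part of the original post: it cross-references each switch's ARP table, MAC address table and DHCP snooping bindings and lists hosts that a switch has an ARP entry for but no MAC table entry (a switch floods a unicast frame whose destination MAC it has not learned). The switch names, function names and table rows are constructed for illustration; the rows only approximate `show` output and mirror the situation described in the post.

```python
import re

# Matches Cisco dotted (0011.2233.4455) and colon (00:11:22:33:44:55) MAC notation.
MAC_RE = re.compile(r"\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b|\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def norm(mac):
    """Normalise a MAC to 12 lowercase hex digits so notations compare equal."""
    return re.sub(r"[.:]", "", mac).lower()

def macs(text):
    """All MAC addresses that appear in a MAC address table dump."""
    return {norm(m) for m in MAC_RE.findall(text)}

def ip_to_mac(text):
    """IP -> MAC for each row carrying both (ARP rows or snooping binding rows)."""
    pairs = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            pairs[ip.group()] = norm(mac.group())
    return pairs

def flood_candidates(switches):
    """(switch, ip, mac, binding) for ARP-known hosts missing from that switch's MAC table."""
    # A binding exists only on the switch the host is attached to, so pool them.
    bound = {m for t in switches.values() for m in ip_to_mac(t["dhcp"]).values()}
    found = []
    for name, t in switches.items():
        learned = macs(t["mac"])
        for ip, mac in sorted(ip_to_mac(t["arp"]).items()):
            if mac not in learned:
                found.append((name, ip, mac, "dhcp-binding" if mac in bound else "no-binding"))
    return found

# Constructed sample rows (assumed layout): .15 is a static host on sw1, .30 a DHCP host on sw2.
ARP = ("Internet  10.10.20.15  12  0011.2233.4455  ARPA  Vlan20\n"
       "Internet  10.10.20.30   3  0011.2233.6677  ARPA  Vlan20\n")
STATIC_ROW = "  20  0011.2233.4455  dynamic ip  GigabitEthernet2/5\n"
DHCP_ROW = "  20  0011.2233.6677  dynamic ip  GigabitEthernet3/1\n"
BINDING = "00:11:22:33:66:77  10.10.20.30  86000  dhcp-snooping  20  GigabitEthernet3/1\n"
SWITCHES = {
    "sw1": {"arp": ARP, "mac": STATIC_ROW + DHCP_ROW, "dhcp": ""},
    "sw2": {"arp": ARP, "mac": DHCP_ROW, "dhcp": BINDING},
    "sw3": {"arp": ARP, "mac": DHCP_ROW, "dhcp": ""},
}

if __name__ == "__main__":
    for row in flood_candidates(SWITCHES):
        print(*row)
```

Rows reported as `no-binding` are the hosts DAI has no snooping entry for; comparing how long their ARP entries and MAC table entries persist on each switch is the next thing to look at.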